Community Discussions:

Communication is one of the most important features of the communities, and the community discussion forums lets you interact with your peers around the world. Ask a question, share insights and experiences, and develop best practices.

Want to take advantage of this great feature? Login or join PMI to gain full access to this community.

Already a Member?

Login
Not a Member Yet?

Join Now
If you have any questions, please contact us at vcpsupport@pmi.org

Active Forums

Minimize
What is the difference between avoiding, accepting and transferring risks?
Last Post 12 Dec 2010 09:14 AM by Edmund Conrow. 9 Replies.
Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
Leasella Owens New Member New Member Posts:16

--
27 Mar 2010 06:09 PM
    All three are the product of a conscientious decision process during the project life cycle. Avoiding risk results in the project team altering the project means, methods and execution plan to eliminate the potential of the stated risk. Accepting risk results in the project team periodically monitoring project performance and implementing preventive and corrective actions on positive or negative risks within budgeted resources. Transferring risk results in the project team sharing accountability of risk management with several project participants, mostly frequently an outside contractor(s).

    originally posted by Henry Hattenrath - PMI Practice Standard for Risk Management Project Team
    Kik Piney New Member New Member Posts:54

    --
    15 Apr 2010 11:18 PM
    Let us go one step further - within and beyond the PMI standard:

    1) You are only talking about threats so we also need to consider enhancing, accepting and sharing as strategies
    2) You have omitted the technique that is most frequently used: mitigation for threats and enhancement for opportunities. These entail aiming to decrease (increase) the expected value of the risk by affecting the probability and/or the impact.
    3) The normal transfer/share tends to focus on the impact (e.g. insurance) rather than the probability (although sharing as in partnerships may include enhancement)
    4) Beyond PMI: whereas avoidance implies getting out of the way of the impact and mitigation can entail reducing the probability, there is no clear term for making the event impossible: the term "removal" would fit this well. One approach for this is pre-emptive action to affect the cause (e.g. remove the threat of smoking-induced disease by giving up smoking). The corresponding strategy for opportunities (making the event sure to happen) is possibly the stuff of dreams rather than reality and probably enhancement is the best we can hope for.
    5) Since transfer has a focus on the impact rather than on the management of the risk, we also need to consider "escalation and delegation" which apply equally to threats and to opprtunities. This has become more obvious since the arrival of the standards for Portfolio and for Program management.

    I would be interested to know whether these clarifications and extensions seem to be valid and useful, and what other extensions to the process of risk response planning could be useful.

    Kik
    Ondiappan Arivazhagan New Member New Member Posts:3

    --
    16 Apr 2010 02:33 AM
    Avoidance focuses CHIEFLY on the "probability" of occurrence of the risk event.

    Ex. Do not hire overseas labor as they may not culturally fit into the locals. Avoid hiring them

    Mitigation focuses CHIEFLY on the "impact" of the risk event - assuming to some extent that the risk event could not be totally avoided, it will mostly occur and hence let us accept it actively and try to at least mitigate the impact.

    Ex. Hire overseas labor even if they do not culturally fit into the locals. However, train them suitably to mitigate the culture shock so as to integrate them with the project team to work as a team.

    Transfer focuses on "how to outsource the management of a risk event" including the probability of occurrence and the impact if it occurs as the performing organization is not willing to or not capable of handling it .

    Ex. Hire a HR firm and outsource the management of this risk event to them by paying a premium to them and at the same time holding them contractually accountable for any loss in productivity, strife, attrition, etc due to culture shock. The HR firm has to pay to you in case the risk event occurs and impacts the project objectives.

    Ari
    Harish Pathria New Member New Member Posts:9

    --
    25 Apr 2010 11:55 AM

    Firstly, all three are different techniques to manage risks on a project. Risks can be handled with varying combinations of all possible risk handling techniques. But, to drive home the distinction between the given 3 techniques above, what follows is one of the ways to appreciate the subtle difference and of making the choice of one of the 3 techniques.

    The choice of a specific technique depends on the following factors: -
    1. Timing of risk identification
    2. Probability of occurrence of the risk
    3. Impact if the risk materializes

    Timing of Risk Identification
    Keeping all other factors the same, here is how timing of identifying a risk affects the choice of technique:-
    Risk identified in early stages: Avoidance is a natural choice. If not, enough time on our hands allows us to plan to mitigate the risk.
    Risk identified ahead of time (but the available time does not permit substantial change of plans): Transference of risk will be the preferred choice out of the 3 techniques under discussion. This course of action is appropriate when we assume that risk mitigation was considered but transferring the risk will cost less and/or the reduction in impact due to materialization of risk will be the same.
    Risk identified but the materialization of risk is imminent: Assuming mitigation was one of the options considered that did not fit well in the timeframe, acceptance of risk may be the way to go out of the 3 in techniques in question here.


    Probability of Occurrence
    Keeping all other factors the same, if the probability of occurrence of risk is high avoiding it is very difficult. In that scenario, approach the risk-handling in the following order: -

    1. Mitigate.
    2. If not feasible and/or effective - Transfer.
    3. If not feasible and/or effective - Accept.


    Impact (if the risk materializes)
    If one’s choice holds good, one would want to avoid a high-impact risk altogether. If not, mitigation is the preferred way to go.
    Risk Transfer reduces the impact only when provided the impact is local to the project. This may be the next preferred choice.
    Risk Acceptance in case of a high-impact risk may prove suicidal for the project.

    David Hillson - The Risk Doctor Basic Member Basic Member Posts:145

    --
    08 May 2010 02:50 AM
    Isn't this a trivial question? Why not read the PMBoK Chapter 11 Section 11.5.2? Or chapter 8 of the PMI Prctice Standard for Project Risk Management? Or any other basic risk textbook?

    And why does the question only mention "avoid, accept, transfer"? What about reduce?

    And what about opportunity responses (exploit, share, enhance, accept)?

    Hmmm. We need better discussion questions than this surely?
    Edmund Conrow New Member New Member Posts:22

    --
    20 Nov 2010 03:30 PM
    Perhaps the best eight page discussion of risk handling (response) techniques published anywhere is contained in the “Risk Management Guide for DoD Acquisition,” Defense Acquisition University, Fifth Edition, Version 2, June 2003, pp. 70-78. This guide is NOT copyrighted and can be downloaded by anyone from:

    http://www.dau.mil/pubs/gdbks/RMG%2...e%2003.pdf

    The information contained in the guide will clearly answer your question. The guide will also provide a number of different examples for each risk handling (response) technique.

    Regards,
    Dr. Edmund (Ed) H. Conrow, CMC, CRM, PMP
    INCOSE Fellow (Risk Management, and Cost, Performance, Schedule Trade Methods)
    Kik Piney New Member New Member Posts:54

    --
    20 Nov 2010 11:36 PM
    Yes but, they start from the definition (p 7.) of risk: "Risk is a measure of the potential inability to achieve overall program objectives ..." i.e. the purely threat-based view, so the risk handling techniques proposed can only alleviate the potential misery, but never capture any potential joy! A good view, certainly, but only a partial view of how to address this, but then the document was written 7 years ago and a lot of progress has been made since then.

    Kik
    Edmund Conrow New Member New Member Posts:22

    --
    21 Nov 2010 12:14 PM
    All properly developed risk handling strategies also explore opportunities as part of the threat response, both in terms of the tool selected and the implementation approach. The eight pages contained in the DAU document, while not perfect, are as good, if not superior to any other short summary that exists today. (This comes from having been the risk manager, risk management consultant, or risk managerment mentor on more than 25 projects and proposals with actual contractual expenditures exceeding $200 billion USD.)

    Regards,
    Dr. Edmund (Ed) H. Conrow, CMC, CRM, PMP
    INCOSE Fellow (Risk Management, and Cost, Performance, Schedule Trade Methods)
    www.risk-services.com
    David Hillson - The Risk Doctor Basic Member Basic Member Posts:145

    --
    06 Dec 2010 11:31 AM
    I still think that as PMI we should be using PMI resources first. So we refer to PMBoK Chapter 11 Section 11.5.2, and chapter 8 of the PMI Practice Standard for Project Risk Management. These have the advantage over the DAU guide of being up to date, and dealing with responses to both threats and opportunities.
    Edmund Conrow New Member New Member Posts:22

    --
    12 Dec 2010 09:14 AM
    The examples given in the Fifth Edition Version 2 of the DAU Risk Management Guide for DoD Acquisition (risk handling, risk response section) are more extensive than those given in both the PMI PMBOK ® Guide and the PMI Practice Standard for Project Risk Management. The DAU Guide publication date is irrelevant—if the information is correct it doesn’t matter when it was published. And as previously mentioned, while the PMI material is copyrighted the DAU material is NOT copyrighted—you can use it as you wish. The two PMI references also contain excellent, helpful material on risk response. Hence, consider using information from both the DAU Guide and two PMI references in a manner that is appropriate for your needs.
    You are not authorized to post a reply.